Posted to commits@openwhisk.apache.org by cs...@apache.org on 2017/11/13 20:49:25 UTC
[incubator-openwhisk-client-go] branch master updated: Add the
support of certificate checking for secure mode (#2864)
This is an automated email from the ASF dual-hosted git repository.
csantanapr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-client-go.git
The following commit(s) were added to refs/heads/master by this push:
new a67e850 Add the support of certificate checking for secure mode (#2864)
a67e850 is described below
commit a67e8509a92beb6c68f0c9da43562af1f5d2b13c
Author: Vincent <sh...@us.ibm.com>
AuthorDate: Fri Nov 10 12:01:04 2017 -0500
Add the support of certificate checking for secure mode (#2864)
Closes: #2863
---
whisk/client.go | 77 ++++++++++++++++++++++++++++------------
whisk/info.go | 4 +++
whisk/sdk.go | 5 ++-
wski18n/i18n_resources.go | 22 ++++++------
wski18n/resources/en_US.all.json | 12 +++++++
5 files changed, 86 insertions(+), 34 deletions(-)
diff --git a/whisk/client.go b/whisk/client.go
index aea23ec..8b978ae 100644
--- a/whisk/client.go
+++ b/whisk/client.go
@@ -113,28 +113,6 @@ func NewClient(httpClient *http.Client, config_input *Config) (*Client, error) {
}
}
- // Disable certificate checking in the dev environment if in insecure mode
- if config.Insecure {
- Debug(DbgInfo, "Disabling certificate checking.\n")
- var tlsConfig *tls.Config
- if config.Cert != "" && config.Key != "" {
- if cert, err := tls.LoadX509KeyPair(config.Cert, config.Key); err == nil {
- tlsConfig = &tls.Config{
- Certificates: []tls.Certificate{cert},
- InsecureSkipVerify: true,
- }
- }
- }else{
- tlsConfig = &tls.Config{
- InsecureSkipVerify: true,
- }
- }
-
- httpClient.Transport = &http.Transport{
- TLSClientConfig: tlsConfig,
- }
- }
-
var err error
var errStr = ""
if len(config.Host) == 0 {
@@ -183,11 +161,62 @@ func NewClient(httpClient *http.Client, config_input *Config) (*Client, error) {
return c, nil
}
+func (c *Client) LoadX509KeyPair() error {
+ tlsConfig := &tls.Config {
+ InsecureSkipVerify: c.Config.Insecure,
+ }
+
+ if c.Config.Cert != "" && c.Config.Key != "" {
+ if cert, err := ReadX509KeyPair(c.Config.Cert, c.Config.Key); err == nil {
+ tlsConfig.Certificates = []tls.Certificate{cert}
+ } else {
+ errStr := wski18n.T("Unable to load the X509 key pair due to the following reason: {{.err}}",
+ map[string]interface{}{"err": err})
+ werr := MakeWskError(errors.New(errStr), EXIT_CODE_ERR_GENERAL, DISPLAY_MSG, NO_DISPLAY_USAGE)
+ return werr
+ }
+ } else if !c.Config.Insecure {
+ if c.Config.Cert == "" {
+ warningStr := "The Cert file is not configured. Please configure the missing Cert file, if there is a security issue accessing the service.\n"
+ Debug(DbgWarn, warningStr)
+ if c.Config.Key != "" {
+ errStr := wski18n.T("The Cert file is not configured. Please configure the missing Cert file.\n")
+ werr := MakeWskError(errors.New(errStr), EXIT_CODE_ERR_GENERAL, DISPLAY_MSG, NO_DISPLAY_USAGE)
+ return werr
+ }
+ }
+ if c.Config.Key == "" {
+ warningStr := "The Key file is not configured. Please configure the missing Key file, if there is a security issue accessing the service.\n"
+ Debug(DbgWarn, warningStr)
+ if c.Config.Cert != "" {
+ errStr := wski18n.T("The Key file is not configured. Please configure the missing Key file.\n")
+ werr := MakeWskError(errors.New(errStr), EXIT_CODE_ERR_GENERAL, DISPLAY_MSG, NO_DISPLAY_USAGE)
+ return werr
+ }
+ }
+ }
+
+ c.client.Transport = &http.Transport{
+ TLSClientConfig: tlsConfig,
+ }
+
+ return nil
+}
+
+var ReadX509KeyPair = func(certFile, keyFile string) (tls.Certificate, error) {
+ return tls.LoadX509KeyPair(certFile, keyFile)
+}
+
///////////////////////////////
// Request/Utility Functions //
///////////////////////////////
func (c *Client) NewRequest(method, urlStr string, body interface{}, includeNamespaceInUrl bool) (*http.Request, error) {
+ werr := c.LoadX509KeyPair()
+ if werr != nil {
+ return nil, werr
+ }
+
if (includeNamespaceInUrl) {
if c.Config.Namespace != "" {
urlStr = fmt.Sprintf("%s/namespaces/%s/%s", c.Config.Version, c.Config.Namespace, urlStr)
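Review bot: `LoadX509KeyPair` ends by assigning a fresh `http.Transport` to `c.client.Transport` unconditionally, so in secure mode it now also discards whatever transport the caller passed to `NewClient`, including any custom `RootCAs`, pinning or proxy settings, whereas the removed block did this only under `config.Insecure`. Because `NewRequest` (and, in the later hunks, `NewRequestUrl`, `InfoService.Get` and `SdkService.Install`) calls it on every request, the key pair is re-read from disk each time, connection reuse is lost, and the write to the shared client is unsynchronised if a `Client` is used from several goroutines. Consider applying it once, e.g. `if err := c.LoadX509KeyPair(); err != nil { return nil, err }` before `return c, nil` in `NewClient`, or rebuilding only when `Cert`, `Key` or `Insecure` changed; the hunk does not show whether the config is expected to change after construction. The exported function also has no doc comment, e.g. `// LoadX509KeyPair installs an HTTP transport whose TLS settings follow Config.Insecure, Config.Cert and Config.Key.` `NewRequest`'s body continues outside the hunk.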
@@ -629,6 +658,10 @@ func (c *Client) NewRequestUrl(
useAuthentication bool) (*http.Request, error) {
var requestUrl *url.URL
var err error
+ error := c.LoadX509KeyPair()
+ if error != nil {
+ return nil, error
+ }
if (appendOpenWhiskPath) {
var urlVerNamespaceStr string
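Review bot: `error := c.LoadX509KeyPair()` shadows the predeclared `error` type for the rest of `NewRequestUrl`, so any later use of `error` as a type in this function would refer to the variable instead; `var err error` just above compiles only because it precedes the shadowing. Reuse the existing variable: `if err = c.LoadX509KeyPair(); err != nil { return nil, err }`. The function's signature begins and its body continues outside the hunk.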
diff --git a/whisk/info.go b/whisk/info.go
index ce8d269..73ca16c 100644
--- a/whisk/info.go
+++ b/whisk/info.go
@@ -38,6 +38,10 @@ type InfoService struct {
func (s *InfoService) Get() (*Info, *http.Response, error) {
// make a request to c.BaseURL / v1
+ err := s.client.LoadX509KeyPair()
+ if err != nil {
+ return nil, nil, err
+ }
urlStr := fmt.Sprintf("%s/%s", s.client.BaseURL.String(), s.client.Config.Version)
u, err := url.Parse(urlStr)
if err != nil {
diff --git a/whisk/sdk.go b/whisk/sdk.go
index b0e8708..38687d2 100644
--- a/whisk/sdk.go
+++ b/whisk/sdk.go
@@ -39,7 +39,10 @@ type SdkRequest struct {
// Install artifact {component = docker || swift || iOS}
func (s *SdkService) Install(relFileUrl string) (*http.Response, error) {
-
+ err := s.client.LoadX509KeyPair()
+ if err != nil {
+ return nil, err
+ }
baseURL := s.client.Config.BaseURL
// Remove everything but the scheme, host, and port
baseURL.Path, baseURL.RawQuery, baseURL.Fragment = "", "", ""
diff --git a/wski18n/i18n_resources.go b/wski18n/i18n_resources.go
index 206cd63..7fa268c 100644
--- a/wski18n/i18n_resources.go
+++ b/wski18n/i18n_resources.go
@@ -109,12 +109,12 @@ func wski18nResourcesDe_deAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/de_DE.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/de_DE.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1510603210, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
-var _wski18nResourcesEn_usAllJson = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x98\x51\x6f\xdb\x36\x10\xc7\xdf\xfd\x29\x0e\x7a\x71\x06\xb8\xfa\x00\xdd\x53\xb0\x19\x73\xb0\xae\x31\x56\x67\x7d\x58\x86\x81\x16\xcf\xd6\x21\x12\xc9\x92\x94\x3d\xd7\xd0\x77\x1f\x48\xd9\xb5\xd7\x48\x96\x44\x2b\x59\x9e\x62\x30\xbc\xff\xfd\x78\x3c\x1e\x8f\xfa\x73\x04\xb0\x1f\x01\x00\x44\xc4\xa3\xf7\x10\x3d\x08\xb6\xcc\x10\xac\x04\xc6\x39\x68\x59\x58\x04\xa9\x2c\x49\x61\x60\xbc\xdf\xc7\x87\xdf\x65\x39\x8e [...]
+var _wski18nResourcesEn_usAllJson = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x58\x5f\x6f\xdb\x36\x10\x7f\xf7\xa7\x38\xf8\xc5\x19\xe0\x0a\x7b\xd9\xc3\xba\xa7\xa0\x33\xe6\xa0\x5d\x63\xac\xce\x3a\x60\x19\x06\x46\x3c\x5b\x87\xc8\xa4\x7a\xa4\x9c\xb9\x86\xbe\xfb\x40\xca\x72\xd2\xc4\xb4\xfe\x58\x49\xf3\x64\x81\xe6\xfd\xee\xc7\xbb\xe3\xfd\xe1\xdf\x03\x80\xed\x00\x00\x60\x48\x72\xf8\x16\x86\x57\x4a\xdc\xa4\x08\x56\x83\x90\x12\x58\xe7\x16\x41\x67\x96\xb4\x32\x30\xda\x6e\xa3\xdd\x77\x51 [...]
func wski18nResourcesEn_usAllJsonBytes() ([]byte, error) {
return bindataRead(
@@ -129,7 +129,7 @@ func wski18nResourcesEn_usAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/en_US.all.json", size: 6538, mode: os.FileMode(420), modTime: time.Unix(1506031828, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/en_US.all.json", size: 7105, mode: os.FileMode(420), modTime: time.Unix(1510603813, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -149,7 +149,7 @@ func wski18nResourcesEs_esAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/es_ES.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/es_ES.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1510603210, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -169,7 +169,7 @@ func wski18nResourcesFr_frAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/fr_FR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/fr_FR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1510603210, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -189,7 +189,7 @@ func wski18nResourcesIt_itAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/it_IT.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/it_IT.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1510603210, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -209,7 +209,7 @@ func wski18nResourcesJa_jaAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/ja_JA.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/ja_JA.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1510603210, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -229,7 +229,7 @@ func wski18nResourcesKo_krAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/ko_KR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/ko_KR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1510603210, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -249,7 +249,7 @@ func wski18nResourcesPt_brAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/pt_BR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/pt_BR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1510603210, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -269,7 +269,7 @@ func wski18nResourcesZh_hansAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/zh_Hans.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/zh_Hans.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1510603210, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -289,7 +289,7 @@ func wski18nResourcesZh_hantAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/zh_Hant.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/zh_Hant.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1510603210, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
diff --git a/wski18n/resources/en_US.all.json b/wski18n/resources/en_US.all.json
index 775cf4f..cbbe68d 100644
--- a/wski18n/resources/en_US.all.json
+++ b/wski18n/resources/en_US.all.json
@@ -154,5 +154,17 @@
{
"id": "Authentication key is missing (Please configure testing.auth as the path of the authentication key file in whisk.properties under the OPENWHISK_HOME directory.)",
"translation": "Authentication key is missing (Please configure testing.auth as the path of the authentication key file in whisk.properties under the OPENWHISK_HOME directory.)"
+ },
+ {
+ "id": "Unable to load the X509 key pair due to the following reason: {{.err}}",
+ "translation": "Unable to load the X509 key pair due to the following reason: {{.err}}"
+ },
+ {
+ "id": "The Cert file is not configured. Please configure the missing Cert file.\n",
+ "translation": "The Cert file is not configured. Please configure the missing Cert file.\n"
+ },
+ {
+ "id": "The Key file is not configured. Please configure the missing Key file.\n",
+ "translation": "The Key file is not configured. Please configure the missing Key file.\n"
}
]